Benchmarking archives - IT Governance, Risk, and Compliance


Sep 17 2009   7:15PM GMT

Supporting ISG Deployment - Part V

Posted by: Robert E. Davis
Benchmarking, Budgeting, Framework, Methodology, Objectives, Gap Analysis, Governance Tree, IT Governance, Maturity Modeling, Internal Control System, Information Security Governance, Information Security Management, Information Security Processes, ITG, ISG, ISM

Whatever your perspective may be, the importance of effective and efficient ISG cannot be overlooked in the current global high-technology environment. Considering what is at stake for most entities when security is compromised, justifying ISG deployment from a single viewpoint usually narrows managerial suitability and the expected benefits. In the final analysis, combining the individual abstraction levels discussed may provide the most appropriate support for institutionalizing ISG.

View Part I of the Supporting ISG Deployment series here

Sep 14 2009   6:19PM GMT

Supporting ISG Deployment - Part IV

Posted by: Robert E. Davis
Benchmarking, Framework, Methodology, Objectives, Gap Analysis, Governance Tree, IT Governance, Maturity Modeling, Internal Control System, Information Security Management, Information Security Processes, ITG, ISG, ISM, Budgeting, Information Security Governance

If, however, you assume ISG provides financial and/or reputational benefits, potential stakeholders are presumed to rely upon governance elements prior to investing their time, talent, and/or money. Therefore, ascertaining the effectiveness and efficiency of entity-centric information security objectives, through adequate monitoring, is fundamental to sound business practices for satisfying stakeholder safeguarding expectations. In this regard, effectiveness and efficiency evaluation requires measurement against established standards, and the performance measures should be established when those standards are created or adopted. Techniques utilized for ISG implementation include maturity modeling, budgeting, benchmarking, and gap analysis. Based on the perceived opportunity for enrichment, with provable risk reductions, publicized superior ISG deployment may attract additional investors.

View Part I of the Supporting ISG Deployment series here

May 12 2009   3:25PM GMT

Developing Objectives - Part IV

Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Information Asset Protection, Information Security Governance, Information Security Management, Management by Objectives, IAP, ISG, ISM, MBO

MBO is a participative behavioral approach to managing employees. One of the primary MBO assumptions is that employees prefer to work hard once they are provided with employer expectations. Intuitively, sustaining accepted expectations requires that employees believe the stated intentions are achievable. Therefore, MBO imposes consideration and incorporation of employee views concerning objectives to enable effective and efficient information assets protection processes.

View Part I of the Developing Objectives series here

May 7 2009   11:14PM GMT

Developing Objectives - Part III

Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Information Asset Protection, Information Security Governance, Information Security Management, Management by Objectives, IAP, ISG, ISM, MBO

A system for disseminating information security management objectives is considered fundamental to obtaining employee commitment. One way to communicate entity-centric information security objectives is through clear and concise policies. Information security management’s role in policy formulation includes considering the control environment, risk assessments, information, communication, and activities. Though policies are an important means to convey expected behavior, even more critical is determining the effectiveness of adopted IT safeguarding objectives. Effectiveness evaluation requires measurement against established information security standards. Consequently, ratiocinative information security standards must be designed and implemented.

View Part I of the Developing Objectives series here

May 4 2009   6:32PM GMT

Developing Objectives - Part II

Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Information Asset Protection, Information Security Governance, Information Security Management, Management by Objectives, IAP, ISG, ISM, MBO

Within behavioral management theory, entity leaders have alternative approaches available to accomplish information assets safeguarding objectives development, including participative, consultative, free rein, and autocratic models. Participative behavioral management emphasizes consideration and incorporation of employee views in decisions, while maintaining managerial decision authority. Consultative behavioral management stresses consideration of employee views, without incorporation, while maintaining managerial decision authority. Free rein management allows employees to make their own decisions concerning subject matters. Lastly, autocratic management underscores dictating decisions to employees. Based on empirical evidence, most entities currently prefer deploying a participative approach to managing entity-centric objectives development.

Setting objectives and establishing processes to accomplish designed objectives is a managerial responsibility. Tactically, the manager responsible for a plan’s implementation should set objectives with advice obtained from the entity’s planning committee, top-level executives and line subordinates. To this end, the Management by Objectives (MBO) methodology normally drives employee consensus building. However, an entity’s planning committee and top-level executives may be too removed from daily information security operations to yield reasonable objectives. Furthermore, line subordinates may have limited knowledge concerning organizational intricacies to permit adopting recommended information security objectives. Therefore, a security manager may have to rely on evaluating generally accepted information security frameworks to develop entity-centric objectives.

View Part I of the Developing Objectives series here

Apr 30 2009   7:20PM GMT

Developing Objectives - Part I

Posted by: Robert E. Davis
Accountability, Benchmarking, Goals, Responsibility, Behavioral Management, Planning Committee, Resource Allocation, Management by Objectives, MBO

There exist various theories regarding managing employees. Behavioral management theorists believe leadership traits are not genetic. Thus, leaders assume distinct behaviors that can be studied and applied according to individual perceptions of assigned responsibility. When an individual is assigned leadership, managerial responsibility for the assignment’s duration is implied, if not explicitly stated.